20559755733
78%

Ran 28 Dec 2025 09:25PM UTC

Jobs 27

Files 129

Run time 1min

Badge

Embed ▾

Committed 28 Dec 2025 09:24PM UTC coverage: 76.146% (-0.1%) from 76.244%

Build # 20559755733

Build Type

push

github

Committed by

web-flow

Commit Message

Move auth tokens from localStorage to httpOnly cookies (#621)

* Initial plan

* Migrate UI to cookie-based authentication (remove localStorage XSS risk)

- Updated AuthContext to use /auth/userinfo endpoint for auth state
- Removed all localStorage token storage from UI (AuthContext, api.ts, Callback, main.tsx)
- Updated api.ts to use credentials: 'include' for cookie-based auth
- Updated auth service /userinfo endpoint to accept tokens from cookies
- Updated nginx gateway to extract JWT from cookies and pass to backend services
- Auth tokens now stored in httpOnly cookies only (not accessible to JavaScript)

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add COOKIE_SECURE config and authentication security documentation

- Fixed Login.tsx to use isAuthenticated instead of token
- Added COOKIE_SECURE environment variable to auth service config
- Created comprehensive AUTHENTICATION.md documentation
- Documented cookie-based auth flow, security features, and migration notes
- Verified no auth tokens stored in localStorage/sessionStorage

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Add comprehensive testing documentation and test cases

- Created test_userinfo_cookie.py for automated testing of /userinfo endpoint
- Created TESTING.md with detailed manual testing guide
- Documented 10 test scenarios covering login, API calls, logout, CSRF, etc.
- Includes security checklist for verification
- Tests verify cookie-based auth, XSS protection, and CSRF mitigation

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Address code review feedback

- Fixed Callback.tsx: removed unused checkAuth dependency
- Enhanced AuthContext loading UX with spinner during auth check
- Improved logout error logging with specific error messages
- Fixed security issue: use generic 'Authentication required' error message
- Added CSS animation for loading spinner
- UI builds successfully... (continued)

Run Details

0 of 13 new or added lines in 1 file covered. (0.0%)

1 existing line in 1 file now uncovered.

5928 of 7785 relevant lines covered (76.15%)

0.85 hits per line

New Missed Lines in Diff

Lines	Coverage	∆	File
13	35.17	-2.61%	adapters/copilot_auth/copilot_auth/middleware.py

Uncovered Existing Lines

Lines	Coverage	∆	File
1	35.17	-2.61%	adapters/copilot_auth/copilot_auth/middleware.py

Jobs

ID	Job ID	Ran	Files	Coverage
1	copilot_vectorstore - 20559755733.1	28 Dec 2025 09:25PM UTC	8	71.73	GitHub Action Run
2	copilot_metrics - 20559755733.2	28 Dec 2025 09:26PM UTC	6	41.74	GitHub Action Run
3	copilot_archive_fetcher_integration - 20559755733.3	28 Dec 2025 09:25PM UTC	9	45.68	GitHub Action Run
4	embedding - 20559755733.4	28 Dec 2025 09:28PM UTC	2	90.17	GitHub Action Run
5	copilot_summarization - 20559755733.5	28 Dec 2025 09:26PM UTC	8	96.73	GitHub Action Run
6	copilot_vectorstore_integration - 20559755733.6	28 Dec 2025 09:25PM UTC	8	20.29	GitHub Action Run
7	copilot_storage_integration - 20559755733.7	28 Dec 2025 09:26PM UTC	6	36.16	GitHub Action Run
8	orchestrator - 20559755733.8	28 Dec 2025 09:28PM UTC	2	66.11	GitHub Action Run
9	copilot_auth - 20559755733.9	28 Dec 2025 09:27PM UTC	12	43.59	GitHub Action Run
10	ingestion - 20559755733.10	28 Dec 2025 09:26PM UTC	5	82.34	GitHub Action Run
11	copilot_config - 20559755733.11	28 Dec 2025 09:25PM UTC	14	75.33	GitHub Action Run
12	copilot_schema_validation - 20559755733.12	28 Dec 2025 09:26PM UTC	7	87.46	GitHub Action Run
13	copilot_storage - 20559755733.13	28 Dec 2025 09:26PM UTC	6	67.51	GitHub Action Run
14	copilot_embedding - 20559755733.14	28 Dec 2025 09:26PM UTC	3	92.0	GitHub Action Run
15	copilot_events - 20559755733.15	28 Dec 2025 09:27PM UTC	11	60.44	GitHub Action Run
16	parsing - 20559755733.16	28 Dec 2025 09:27PM UTC	7	84.27	GitHub Action Run
17	copilot_schema_validation_integration - 20559755733.17	28 Dec 2025 09:26PM UTC	7	40.75	GitHub Action Run
18	chunking - 20559755733.18	28 Dec 2025 09:27PM UTC	2	83.33	GitHub Action Run
19	copilot_reporting - 20559755733.19	28 Dec 2025 09:27PM UTC	5	73.17	GitHub Action Run
20	summarization - 20559755733.20	28 Dec 2025 09:27PM UTC	2	90.7	GitHub Action Run
21	reporting - 20559755733.21	28 Dec 2025 09:27PM UTC	2	89.97	GitHub Action Run
22	copilot_draft_diff - 20559755733.22	28 Dec 2025 09:27PM UTC	6	98.77	GitHub Action Run
23	copilot_logging - 20559755733.23	28 Dec 2025 09:25PM UTC	7	71.7	GitHub Action Run
24	copilot_chunking - 20559755733.24	28 Dec 2025 09:27PM UTC	2	93.75	GitHub Action Run
25	copilot_events_integration - 20559755733.25	28 Dec 2025 09:25PM UTC	11	35.15	GitHub Action Run
26	copilot_archive_fetcher - 20559755733.26	28 Dec 2025 09:26PM UTC	9	67.49	GitHub Action Run
27	copilot_consensus - 20559755733.27	28 Dec 2025 09:26PM UTC	3	98.67	GitHub Action Run

Alan-Jowett / CoPilot-For-Consensus / 20559755733
78%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Uncovered Existing Lines

Jobs

Source Files on build 20559755733

Alan-Jowett / CoPilot-For-Consensus / 20559755733 78%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

New Missed Lines in Diff

Uncovered Existing Lines

Jobs

Source Files on build 20559755733

Alan-Jowett / CoPilot-For-Consensus / 20559755733
78%

README BADGES
x